HackDig : Dig high-quality web security articles for hacker

Twittor is a stealthy Python-based backdoor using Twitter (Direct Messages) as a command and control server. This project has been inspired by Gcat which does the same but using a Gmail account. Setup: For this to work you need: A Twitter account (Use a dedicated account! Do not use your personal one!) Register an app on Twitter with Read, write, and direct messa

Gcat is a stealthy Python backdoor that uses Gmail as a command and control server. It’s fairly basic right now, but it’s an interesting proof of concept and if the community got behind it and contributed some new features it could be a pretty powerful piece of kit. Feature-wise it doesn’t have that much, you can’t upload files yet, bu

A slimmed-down version of Cryptowall is in circulation, and this one contains no built-in exploits, confirming a growing trend that most ransomware will be spread almost exclusively via exploit kits. Kits such as Angler, Nuclear, and most recently Hanjuan, have been busy incorporating Flash exploits dropping a mix of click-fraud malware and ransomware with gr

Shape Security recently found a new strain of malware that executes a unique command and control attack. While these attacks are common, this one hides in unsent Gmail drafts, making it surprisingly difficult to detect. Will similar command and control evasion techniques target other unassuming programs? Listen to our latest security slice podcast and hear Tim

We regularly write about "bots", or "zombies," malicious programs that let cybercriminals take over your computer from afar. Some malware is pre-programmed for one specific criminal act, such as ransomware that scrambles your data and demands a fee to get it back. But most bots or zombies are kitted out with a wide range of "features." Any of these can be cont